Msrc Windows Rt 8.1 vulnerabilities

CVE-2022-38000 [HIGH] Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker would need to

CVE-2022-37994 [HIGH] Windows Group Policy Preference Client Elevation of Privilege Vulnerability Windows Group Policy Preference Client Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Group Policy Preference Client: Windows Group Policy Preference Client Microsoft: Microsoft Customer Action Required: Yes Impa

CVE-2022-38051 [HIGH] Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status:

CVE-2022-38045 [HIGH] Windows Server Service Elevation of Privilege Vulnerability Windows Server Service Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? The attacker must be authenticated to be able to exploit this vulnerability. Windows Server Service: Windows Server Service Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclos

CVE-2022-24504 [HIGH] Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This could result in remote code execution on the server side. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What doe

CVE-2022-37987 [HIGH] Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Client Server Run-time Subsystem (CSRSS): Client Server Run-time Subsystem (CSRSS) Microsoft: Microsoft Customer Ac

CVE-2022-38040 [HIGH] Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. Windows ODBC Driver:

CVE-2022-37981 [MEDIUM] Windows Event Logging Service Denial of Service Vulnerability Windows Event Logging Service Denial of Service Vulnerability FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability? The performance can be interrupted and/or reduced, but the attacker cannot fully deny service. Windows Event Logging Service: Windows Event Logging Service Microsoft: Microsoft

CVE-2022-37965 [MEDIUM] Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Remote Access Service Point-to-Point Tunneling Protocol: Remote Access Service Point-to-Point Tunneling Protocol Mic

CVE-2022-37985 [MEDIUM] Windows Graphics Component Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Stat

CVE-2022-37996 [MEDIUM] Windows Kernel Memory Information Disclosure Vulnerability Windows Kernel Memory Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Windows NTFS: Windows NTFS Microsoft: Microsoft Customer Action

CVE-2022-38043 [MEDIUM] Windows Security Support Provider Interface Information Disclosure Vulnerability Windows Security Support Provider Interface Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain kernel memory content. FAQ: How the attacker exploit this vulnerability? A locally authenticated attacker can create a specially crafted request which crashes the client on

CVE-2022-37977 [MEDIUM] Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Windows Local Security Authority Subsystem Service (LSASS): Windows Local Security Authority Subsystem Service (LSASS) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Sof

CVE-2022-38033 [MEDIUM] Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploits this vulnerability would be able to remotely read registry keys under HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine not normally accessible to a norma

CVE-2022-38032 [MEDIUM] Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An authenticated attacker who successfully exploited this vulnerability could bypass "Deny Read/Write USB devices" Group Policy settings and access USB devices attached to a vulnerable system. Windows Portable De

CVE-2022-38026 [MEDIUM] Windows DHCP Client Information Disclosure Vulnerability Windows DHCP Client Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited the vulnerability could potentially read User Mode Service Memory. Windows DHCP Client: Windows DHCP Client Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status: Publicly Disclosed:No;Exploited:No;Late

CVE-2022-35770 [MEDIUM] Windows NTLM Spoofing Vulnerability Windows NTLM Spoofing Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to access a malicious folder or directory. Users should never open anything that they do not know or trust to be safe. Windows NTLM: Windows NTLM Microsoft: Microsoft Customer Action Required: Yes Impact: Spoofing Exploit Status: Publicly Disclosed:No;Exploited:

CVE-2022-38022 [LOW] Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker would only be able to delete empty folders on a vulnerable system in the context of the SYSTEM account. They would not gain privileges to view or modify file contents or delete folders containing files. Windows Kernel: Windows Kernel Microsoft: Microsoft Custom

CVE-2022-34721 [CRITICAL] Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable a remote code execution exploitation. FAQ: Does this vulnerability affect all

CVE-2022-34722 [CRITICAL] Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable a remote code execution exploitation. FAQ: Does this vulnerability affect all